I Can't Duplicate or Save My Newsletters

This article refers to MailPoet 2

If you're looking for MailPoet 3 articles, please go to MailPoet 3 Knowledge Base

Some users are experiencing this problem: they are unable to duplicate or save modifications to a newsletter.  "404 Not Found" errors on subscription forms or when duplicating a newsletter are also related to this issue.

This is due to some hosts loading a ruleset (usually is the Comodo ruleset) on their Apache Mod_Security module that prevents MailPoet from accessing the admin-ajax.php file, and the reason is related to this CVE: CVE-2014-3907

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. Publish Date : 2014-08-26 Last Update Date : 2014-08-27

That prevents website visitors from subscribing to your website and administrators from duplicating and/or saving their newsletters, among other issues as well.

A temporary solution for our users running the latest version of MailPoet is to turn off Mod_Security on their websites by including this piece of code to the beginning of their  .htaccess file:
<IfModule mod_security.c>
  SecRuleEngine Off
  SecFilterInheritance Off
  SecFilterEngine Off
  SecFilterScanPOST Off

More information about disabling specific mod_security rules can be found here: http://resources.infosecinstitute.com/avoiding-mod-security-false-positives-white-listing/

In some cPanels, it's possible to manually disable Mod_Security for specific domains:

Step 1:

Step 2:

Step 3:

In case none of this works, get in touch with your host support and ask them to update their Mod_Security rules, since that CVE is already marked as fixed. This will then whitelist MailPoet.